[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2020-07-07 Thread Dan Streetman
as Eoan will be EOL in weeks, marking this wontfix.

** Changed in: systemd (Ubuntu Eoan)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Eoan:
  Won't Fix

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2020-04-14 Thread Dan Streetman
** Changed in: systemd (Ubuntu Eoan)
 Assignee: Dan Streetman (ddstreet) => (unassigned)

** Changed in: systemd (Ubuntu Eoan)
   Status: In Progress => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Eoan:
  New

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-20 Thread klogg
That's interesting. With secure boot and lockdown in place there is no
bpf, and without bpf systemd services' acls dont work. Not critical but
essentially totally broken :D

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Eoan:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-08 Thread Valtteri Vainikka
>these messages actually come from the kernel, I believe they are
expected (maybe only in secure boot >mode, I haven't looked into the new
'lockdown' stuff yet). The lack of 'kernel_lockdown' manpage >appears to
be already reported in bug 1767971.

This PC is indeed using secure boot. Here are the relevant lockdown
messages when using the updated systemd package from your repository:

[0.00] Kernel is locked down from EFI secure boot; see man 
kernel_lockdown.7
[0.595817] Lockdown: swapper/0: Hibernation is restricted; see man 
kernel_lockdown.7
[1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
[1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
[3.768797] Lockdown: Xorg: ioperm is restricted; see man kernel_lockdown.7

I did a bunch of searches on this and while I'm far from an expert, they
seemed to confirm your mention that they are most likely to be expected
(my interpretation of the search results: this lockdown system is meant
to be automatically enabled in modern kernel versions at least when
booting with secure boot). These exact same lockdown messages regarding
systemd are also there on a fully updated Fedora 31, which I dual boot
on this same PC.

> Hmm, that probably needs a further look...

Not sure if this is of any use, but there is also a "local system does
not support BPF/cgroup firewalling." systemd message on the just
released Fedora 31, although it refers to a different .slice. Both
distributions note that BPF is restricted by the secure boot induced
lockdown. Here are the logs:

#Ubuntu 19.10 with updated systemd from PPA
[0.00] Kernel is locked down from EFI secure boot; see man 
kernel_lockdown.7
#Some other stuff in between
[1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
#Some other stuff in between
[1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP 
firewall, but the local system does not support BPF/cgroup firewalling.

#Fedora 31 with testing updates enabled
[0.00] Kernel is locked down from EFI secure boot; see man 
kernel_lockdown.7
#Some other stuff in between
[1.289561] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
#some other stuff in between
[1.317449] systemd[1]: system-systemd\x2dhibernate\x2dresume.slice: unit 
configures an IP firewall, but the local system does not support BPF/cgroup 
firewalling.

> great; thnx!

No problem, reporting it was the least I could do. Thanks a lot for
finding a fix for it and the swift replies in general! While the
firewall actually worked fine it was a fairly scary looking warning. As
for the new bug report, let me know if/when you want me to file it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Eoan:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems 

[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-05 Thread Bug Watch Updater
** Changed in: systemd
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Eoan:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-05 Thread Dan Streetman
** Also affects: systemd (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Changed in: systemd (Ubuntu)
   Status: In Progress => Fix Released

** Bug watch added: github.com/systemd/systemd/issues #12673
   https://github.com/systemd/systemd/issues/12673

** Also affects: systemd via
   https://github.com/systemd/systemd/issues/12673
   Importance: Unknown
   Status: Unknown

** Changed in: systemd (Ubuntu Eoan)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: systemd (Ubuntu Eoan)
   Importance: Undecided => Low

** Changed in: systemd (Ubuntu Eoan)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd:
  Unknown
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Eoan:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-05 Thread Dan Streetman
> Hmm, that probably needs a further look...can you open a new bug for
that, so we can use this one only to fix the scary systemd 'WITHOUT
firewalling' log?

actually, beofre you open a new bug, let me look into the upstream
backport a bit more first.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-05 Thread Dan Streetman
> [ 1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
> kernel_lockdown.7
> [ 1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7

these messages actually come from the kernel, I believe they are
expected (maybe only in secure boot mode, I haven't looked into the new
'lockdown' stuff yet).  The lack of 'kernel_lockdown' manpage appears to
be already reported in bug 1767971.

> [ 1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP 
> firewall,
> but the local system does not support BPF/cgroup firewalling.
>
> So there is still the mention about the local system not supporting BPF/cgroup
> firewalling (not sure if that is normal), 

Hmm, that probably needs a further look...can you open a new bug for
that, so we can use this one only to fix the scary systemd 'WITHOUT
firewalling' log?

> but the "Proceeding WITHOUT firewalling in effect!" warning is now gone with 
> the new systemd package.

great; thnx!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-03 Thread Mahadi Xion
** Changed in: systemd (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-03 Thread Valtteri Vainikka
+ Sorry, missed a few lines that may be relevant in that updated log...
It directly continues:

[1.991595] EXT4-fs (sdb2): re-mounted. Opts: errors=remount-ro
[1.993146] bpfilter: Loaded bpfilter_umh pid 418
#Nothing that looks out of place after that

Partition setup: sdb1 is an EFI system partition mounted at /boot/efi,
sdb2 is the root partition and then sdb3 is swap.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  New

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-02 Thread Valtteri Vainikka
Just tested the systemd version from your PPA...

There are some changes:

[1.883017] systemd[1]: systemd 242 running in system mode. (+PAM +AUDIT 
+SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS 
+ACL +XZ +LZ4>
[1.901801] systemd[1]: Detected architecture x86-64.
[1.903755] systemd[1]: Set hostname to .
[1.904376] systemd[1]: Failed to bump fs.file-max, ignoring: Invalid 
argument
[1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
[1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
[1.948713] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socke>
[1.981938] systemd[1]: Reached target Remote File Systems.
[1.982012] systemd[1]: Listening on fsck to fsckd communication Socket.
[1.982049] systemd[1]: Listening on udev Kernel Socket.
[1.982612] systemd[1]: Listening on Syslog Socket.
[1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP 
firewall, but the local system does not support BPF/cgroup firewalling.

So there is still the mention about the local system not supporting
BPF/cgroup firewalling (not sure if that is normal), but the "Proceeding
WITHOUT firewalling in effect!" warning is now gone with the new systemd
package.

With the old systemd package it used to be:

[2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
[2.136885] systemd[1]: File /lib/systemd/system/systemd-journald.service:12 
configures an IP firewall (IPAddressDeny=any), but the local system does not 
support BPF/cgroup based firewalling.
[2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  New

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What 

[Touch-packages] [Bug 1851056] Re: "Proceeding WITHOUT firewalling in effect!" warning

2019-11-02 Thread Dan Streetman
can you test with the systemd from this ppa to see if it fixes the warning logs:
https://launchpad.net/~ddstreet/+archive/ubuntu/systemd

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1851056

Title:
  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  New

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after
  boot:

  [2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
kernel_lockdown.7
  [2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
firewalling.
  [2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [2.197029] systemd[1]: Listening on Journal Socket.
  [2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?
  CONFIG_CGROUP_BPF=y
  CONFIG_BPF=y
  CONFIG_BPF_SYSCALL=y
  CONFIG_BPF_JIT_ALWAYS_ON=y
  CONFIG_IPV6_SEG6_BPF=y
  CONFIG_NETFILTER_XT_MATCH_BPF=m
  CONFIG_BPFILTER=y
  CONFIG_BPFILTER_UMH=m
  CONFIG_NET_CLS_BPF=m
  CONFIG_NET_ACT_BPF=m
  CONFIG_BPF_JIT=y
  CONFIG_BPF_STREAM_PARSER=y
  CONFIG_LWTUNNEL_BPF=y
  CONFIG_HAVE_EBPF_JIT=y
  CONFIG_BPF_EVENTS=y
  CONFIG_BPF_KPROBE_OVERRIDE=y
  CONFIG_TEST_BPF=m

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other
  SSD)

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1851056/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp